Red Hat Process Automation Manager / RHPAM-1422

Roles are not configured properly when using LDAP in OpenShift


    • 2018 Week 30-32

      LDAP authentication in OpenShift images does not work correctly. It is possible to use LDAP to authenticate users, but users do not have proper roles. It seems that roles are still imported from "application-roles.properties".

      I have configured LDAP users as follows:
      dn: uid=admin,ou=people,dc=example,dc=com
      objectclass: top
      objectclass: uidObject
      objectclass: person
      objectclass: inetOrgPerson
      uid: admin
      cn: admin
      sn: admin
      userpassword: admin

      And groups as follows:
      dn: cn=admin,ou=roles,dc=example,dc=com
      objectclass: groupOfNames
      objectClass: top
      cn: admin
      description: Admin group
      ou: admins@example.com
      member: uid=admin,ou=people,dc=example,dc=com
      member: uid=adminUser,ou=people,dc=example,dc=com
      member: uid=Administrator,ou=people,dc=example,dc=com

      The following command was used to deploy the application:
      oc new-app rhpam70-authoring \
        -p BUSINESS_CENTRAL_HTTPS_SECRET=secret1 \
        -p KIE_SERVER_HTTPS_SECRET=secret1 \
        -p IMAGE_STREAM_NAMESPACE=jpetrlik-test5 \
        -p KIE_SERVER_CONTROLLER_PWD=controllerUser \
        -p KIE_ADMIN_PWD=adminUser \
        -p KIE_SERVER_PWD=executionUser \
        -p AUTH_LDAP_URL=ldap://<url> \
        -p AUTH_LDAP_BIND_DN="cn=Manager,dc=example,dc=com" \
        -p AUTH_LDAP_BIND_CREDENTIAL=admin \
        -p AUTH_LDAP_BASE_CTX_DN="ou=people,dc=example,dc=com" \
        -p AUTH_LDAP_BASE_FILTER="(uid={0})" \
        -p AUTH_LDAP_SEARCH_SCOPE="SUBTREE_SCOPE" \
        -p AUTH_LDAP_ROLES_CTX_DN="ou=roles,dc=example,dc=com" \
        -p AUTH_LDAP_ROLE_FILTER="(member={1})" \
        -p AUTH_LDAP_ROLE_ATTRIBUTE_ID="cn

      I'm able to provide access to QE LDAP for further investigation if necessary.

        1. bpms.ldif
          1 kB
          Filippe Spolti
        2. standalone-full.xml
          35 kB
          Filippe Spolti

              rhn-support-fspolti Filippe Spolti
              jpetrlik@redhat.com Jiri Petrlik
              Jiri Petrlik Jiri Petrlik
              Jiri Petrlik Jiri Petrlik
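
Added example, not part of the original report or of the product's code: a small offline check of which roles the configuration in the report should yield for a user, so the result can be compared with the roles the container actually assigns. It assumes the AUTH_LDAP_* parameters follow the usual LdapExtended login module semantics ({0} = login name, {1} = the authenticated user's DN); the dict keys and function names are hypothetical, and the LDIF is a trimmed, constructed copy of the entries above.

```python
import re

# Constructed sample: the user and group entries from the report, trimmed.
LDIF = """\
dn: uid=admin,ou=people,dc=example,dc=com
objectclass: inetOrgPerson
uid: admin

dn: cn=admin,ou=roles,dc=example,dc=com
objectclass: groupOfNames
cn: admin
member: uid=admin,ou=people,dc=example,dc=com
member: uid=adminUser,ou=people,dc=example,dc=com
"""
# Values of the AUTH_LDAP_* parameters from the report (dict keys are hypothetical).
CFG = {"base_ctx_dn": "ou=people,dc=example,dc=com", "base_filter": "(uid={0})",
       "roles_ctx_dn": "ou=roles,dc=example,dc=com", "role_filter": "(member={1})",
       "role_attribute_id": "cn"}

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def search(entries, base_dn, flt):
    """Subtree search; handles only simple equality filters such as (attr=value)."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt)
    if not m:
        raise ValueError("only (attr=value) filters are handled here")
    attr, want = m.group(1).lower(), m.group(2).lower()
    return [e for e in entries
            if e["dn"][0].lower().endswith(base_dn.lower())
            and want in [v.lower() for v in e.get(attr, [])]]

def expected_roles(entries, username, cfg=CFG):
    """Roles the role search should return. Assumes {0}=login name, {1}=user DN."""
    if re.search(r"[()*\\\x00]", username):  # refuse LDAP filter metacharacters
        return []
    users = search(entries, cfg["base_ctx_dn"], cfg["base_filter"].replace("{0}", username))
    if len(users) != 1:  # unknown or ambiguous user: no roles
        return []
    groups = search(entries, cfg["roles_ctx_dn"],
                    cfg["role_filter"].replace("{1}", users[0]["dn"][0]))
    return sorted(v for g in groups for v in g.get(cfg["role_attribute_id"].lower(), []))

if __name__ == "__main__":
    print(expected_roles(parse_ldif(LDIF), "admin"))
```

If the roles seen in Business Central for `admin` differ from this result, the role search is not the source of those roles, which matches the symptom described in the report.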